Overview

overview

10

Static

static

1585cc8a5c...60.exe

windows7_x64

10

1585cc8a5c...60.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    40s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    05-07-2022 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1585cc8a5c403cc01450df1340d37960.exe

  • Size

    9KB

  • MD5

    1585cc8a5c403cc01450df1340d37960

  • SHA1

    dff56cae33d50951b069e6975763efe76612856e

  • SHA256

    7813f5cf2dec934b3bee4f6317f80e11e015e0598fb73c6cf3d3b666e7b540dd

  • SHA512

    57ff449893904d194854dacee51af0c9a0b8758980876a23c53f33bccf7518723efcf6f98cb52c6c41e4e920a60a30b2d7f75404cefc36d34066de42176ae027

Score
10/10
cobaltstrikebackdoorsuricatatrojan

Malware Config

Signatures

  • Cobaltstrike

    Detected malicious payload which is part of Cobaltstrike.

    trojanbackdoorcobaltstrike
  • suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)

    suricata: ET MALWARE Possible Metasploit Payload Common Construct Bind_API (from server)

    suricata

Processes

  • C:\Users\Admin\AppData\Local\Temp\1585cc8a5c403cc01450df1340d37960.exe
    "C:\Users\Admin\AppData\Local\Temp\1585cc8a5c403cc01450df1340d37960.exe"
    1⤵
      PID:1172

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1172-54-0x0000000000AD0000-0x0000000000AD8000-memory.dmp
      Filesize

      32KB

      Download
    • memory/1172-55-0x0000000000660000-0x000000000068E000-memory.dmp
      Filesize

      184KB

      Download
    • memory/1172-56-0x0000000001EE0000-0x0000000001F13000-memory.dmp
      Filesize

      204KB

      Download
    • memory/1172-58-0x0000000076191000-0x0000000076193000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1172-59-0x0000000004AE0000-0x0000000004BE0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1172-60-0x0000000004030000-0x0000000004085000-memory.dmp
      Filesize

      340KB

      Download
    • memory/1172-62-0x0000000000420000-0x0000000000440000-memory.dmp
      Filesize

      128KB

      Download
    • memory/1172-66-0x0000000004AE0000-0x0000000004BE0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1172-67-0x0000000001EE0000-0x0000000001F13000-memory.dmp
      Filesize

      204KB

      Download
    • memory/1172-68-0x0000000004AE0000-0x0000000004BE0000-memory.dmp
      Filesize

      1024KB

      Download
    • memory/1172-69-0x0000000004AE0000-0x0000000004BE0000-memory.dmp
      Filesize

      1024KB

      Download